CVE-2024-21110 – Oracle VirtualBox Guest Additions Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21110
An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root on the target guest system. • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVE-2024-3660 – Arbitrary code injection vulnerability in Keras framework < 2.13
https://notcve.org/view.php?id=CVE-2024-3660
An arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application. • https://kb.cert.org/vuls/id/253266 https://www.kb.cert.org/vuls/id/253266 •
CVE-2024-3871 – Authenticated Remote Command Injection in Delta Electronics DVW
https://notcve.org/view.php?id=CVE-2024-3871
This interface implements multiple features that are affected by command injection and stack overflow vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2. • https://onekey.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-1961 – Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb
https://notcve.org/view.php?id=CVE-2024-1961
This flaw can lead to Remote Code Execution (RCE) by overwriting critical files, such as the application's configuration file, especially when the application is run outside of Docker. • https://huntr.com/bounties/5f602914-3e5d-407a-b8ce-fb444a4e8bb3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-3571 – Path Traversal in langchain-ai/langchain
https://notcve.org/view.php?id=CVE-2024-3571
An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. • https://github.com/langchain-ai/langchain/commit/aad3d8bd47d7f5598156ff2bdcc8f736f24a7412 https://huntr.com/bounties/2df3acdc-ee4f-4257-bbf8-a7de3870a9d8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •